Manualshelf

HP-UX IPSec A.02.00.01 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
891011121314151617
HP-UX IPSec Release Notes
Patches and Fixes in This Version
Chapter 1 15
Patches and Fixes in This Version
The following bug fixes have been integrated into the A.02.00.01 release:
JAGaf20785: When using ESP with IPv6, the IPSec SA lifetime byte count is incorrect. If
the IPSec SA has a hard (non-infinite) lifetime byte count, transmission will fail if the
byte count reaches the hard lifetime on the receiver but not the sender. The receiver will
drop the packets.
The output from the command ipsec_report -sad on the receiver will show the current
lifetime in kilobytes is equal to or approaching the hard lifetime value, but the
ipsec_report -sad output on the sender will show a lower value for the current lifetime
in kilobytes.
JAGaf32179: The ipsec_config show command displays IKE ID type IPV6 as INVALID.
If an authentication record contains a local or remote IKE ID type with the value IPV6,
the ipsec_config show command displays INVALID for the ID type value.
JAGaf32191: If the customer removes HP-UX IPSec and then re-installs IPSec, the
command ipsec_admin -start fails.
If the customer removes HP-UX IPSec and then re-installs IPSec, the command
ipsec_admin -start fails with the following message:
IPSEC_ADMIN: ERROR-read_admin_info() : Failed to verify ipsec password.
JAGaf32473: After an IP interface is configured down, all IKE negotiations fail on
remaining IP interfaces.
On systems with multiple IP interfaces, if an IP interface is configured DOWN (ifconfig
interface_name
down) after HP-UX IPSec is started, all subsequent IKE negotiations
fail on remaining IP interfaces. If the local system is the ISAKMP initiator, the HP-UX
IPSec audit file will show messages similar to the following:
Msg: 1486 From: IKMPD Lvl: INFORMATIVE Date: Fri Jul 16 13:23:14 2004
Event: INET socket 0 sending message to peer
nnn.nnn.nnn.nnn
Msg: 1487 From: IKMPD Lvl: ALERT Date: Fri Jul 16 13:23:14 2004
Event: Error (216) sending data to INET socket 0
If the local system is the ISAKMP responder, the HP-UX IPSec audit file will show
messages: similar to the following:
Msg: 1095 From: IKMPD Lvl: INFORMATIVE Date: Fri Jul 16 13:12:55 2004
Event: INET socket 19 received message from peer
nnn.nnn.nnn.nnn
Msg: 1096 From: IKMPD Lvl: INFORMATIVE Date: Fri Jul 16 13:12:55 2004